Share this story

It was only a matter of time before NSA leaker Edward Snowden's treasure trove of documents would unveil that government snoops were monitoring file-sharing sites.

According to the Snowden documents unveiled Wednesday by The Intercept, the Canadian government's spy apparatus has been monitoring as many as 102 file-sharing sites. The documents, which date to 2012, only named three of the sites: RapidShare, SendSpace, and the defunct MegaUpload. The sites are dubbed FFU for "Free File Upload."

The goal of the program, LEVITATION, is to nab suspected terrorists seeding or leeching material connected to terror, such as hostage videos and bomb-making recipes. One document says that "Al-Qaida uses FFU sites to distribute Jihadist propaganda. Extremists use FFU sites to distribute training materials."

The spying by the Communications Security Establishment—Canada's equivalent to the NSA—is done without the cooperation of the file-sharing services.

The documents show that about 350 documents catch the attention of agents each month, just a tiny fraction of the millions of files surveilled. The Canadian spy agency maintains a catalog of about 2,200 links deemed of "interest." At one point, the spy system got clogged with Glee TV series downloads, according to the documents.

Another project dubbed ATOMIC BANJO is tapped into Internet cables and vacuums up the data, according to the documents. Because of the nature of file sharing, IP addresses from those downloading from the file-sharing sites are visible to Canadian spies.

There is no evidence that the results of the snooping were used to nab file sharers trafficking copyrighted content who were not involved in terrorism.

According to The Intercept:

The IP addresses are valuable pieces of information to CSE’s analysts, helping to identify people whose downloads have been flagged as suspicious. The analysts use the IP addresses as a kind of search term, entering them into other surveillance databases that they have access to, such as the vast repositories of intercepted Internet data shared with the Canadian agency by the NSA and its British counterpart Government Communications Headquarters.

If successful, the searches will return a list of results showing other websites visited by the people downloading the files – in some cases revealing associations with Facebook or Google accounts. In turn, these accounts may reveal the names and the locations of individual downloaders, opening the door for further surveillance of their activities.

The documents do not say whether a terror attack was ever prevented.

The Communications Security Establishment, known as CSE, said in a statement that the "CSE is legally authorized to collect and analyze metadata, including from parts of the Internet routinely used by terrorists. Some of CSE's metadata analysis activities are designed to identify foreign terrorists who use the Internet to conduct activities that threaten the security of Canada and Canadian citizens."

The CSE would not say whether project LEVITATION was still under operation.

Share this story

David Kravets
The senior editor for Ars Technica. Founder of TYDN fake news site. Technologist. Political scientist. Humorist. Dad of two boys. Been doing journalism for so long I remember manual typewriters with real paper. Emaildavid.kravets@arstechnica.com//Twitter@dmkravets